RE: Signal to end-user when using webauthn

Isn't this already implied by the attestations that may be part of the registration (which is out of scope of the W3C WebAuthn WG).

-----Original Message-----
From: Arshad Noor [mailto:arshad.noor@strongauth.com] 
Sent: Sunday, July 3, 2016 6:41 PM
To: public-webauthn@w3.org
Subject: Signal to end-user when using webauthn

I'm not sure if this is part of this WG's purview, but as the WG focuses on standardizing Webauthn, I would like to suggest adding one more element to its scope: a signal to the end-user when the platform is using the Webauthn standard to strongly-authenticate the user.

An informal case for this is documented in this brief blog entry:
*Not all biometric authentication is equal* - https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2falesa.website&data=01%7c01%7ctonynad%40microsoft.com%7cc713a71937b848c356c608d3a3ac794a%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=7WkozRldsTeHy6HRLVcQ27tpPOI0VryBKbrWtCTuXWM%3d.


Thank you.

Arshad Noor
StrongAuth, Inc.

Received on Tuesday, 5 July 2016 23:19:28 UTC